Disable Guest account and remove all rights (note: if using with Internet Information Server then ensure that web user account has permission to access appropriate directories and the right to “LOG ON LOCALLY”
Logging Off or Locking the Workstation
|
Completed
|
Not implemented
|
Not applicable
|
STATUS
|
|
|
|
Users should either log off or lock the workstation if they will be away from the computer for any length of time. Logging off allows other users to log on (if they know the password to an account); locking the workstation does not. The workstation can be set to lock automatically if it is not used for a set period of time by using any 32-bit screen saver with the Password Protected option. For information about setting up screen savers, see Help.
-
Install password protected screen saver that automatically starts if workstation is not used for 5-15 minutes
|
Completed
|
Not implemented
|
Not applicable
|
STATUS
|
|
|
|
Normally, you can shut down a computer running Windows NT Workstation without logging on by choosing Shutdown in the Logon dialog box. This is appropriate where users can access the computer’s operational switches; otherwise, they might tend to turn off the computer’s power or reset it without properly shutting down Windows NT Workstation. However, you can remove this feature if the CPU is locked away. (This step is not required for Windows NT Server, because it is configured this way by default.)
To require users to log on before shutting down the computer, use the Registry Editor to create or assign the following Registry key value:
Hive:
|
HKEY_LOCAL_MACHINE\SOFTWARE
|
Key:
|
\Microsoft\Windows NT\Current Version\Winlogon
|
Name:
|
ShutdownWithoutLogon
|
Type:
|
REG_SZ
|
Value:
|
0
|
The changes will take effect the next time the computer is started. You might want to update the Emergency Repair Disk to reflect these changes.
Hiding the Last User Name
|
Completed
|
Not implemented
|
Not applicable
|
STATUS
|
|
|
|
By default, Windows NT places the user name of the last user to log on the computer in the User name text box of the Logon dialog box. This makes it more convenient for the most frequent user to log on. To help keep user names secret, you can prevent Windows NT from displaying the user name from the last log on. This is especially important if a computer that is generally accessible is being used for the (renamed) built-in Administrator account.
To prevent display of a user name in the Logon dialog box, use the Registry Editor to create or assign the following registry key value:
Hive:
|
HKEY_LOCAL_MACHINE\SOFTWARE
|
Key:
|
\Microsoft\Windows NT\Current Version\Winlogon
|
Name:
|
DontDisplayLastUserName
|
Type:
|
REG_SZ
|
Value:
|
1
|
